HIPAA Privacy Rule Use and Disclosure Misconceptions

Jonathan P. Tomes, J.D., is Keynote Speaker at Compliance key Inc. He is a health care attorney practicing in the greater Kansas City area. He is a nationally recognized authority and expert witness on the legal requirements for health information. Jon has written more than 60 books, including the following: How to Handle HIPAA and HITECH Act Breaches, Complaints, and Investigations: Everything You Need to Know; The Compliance Guide to HIPAA and the DHHS Regulations, now in its sixth edition, along with its accompanying HIPAA Documents Resource Center CD; Electronic Health Records: A Practical C........

With the complexity of the Privacy Rule and the frequent changes to it, healthcare covered entities and their business associates often do not know what uses and disclosures the Privacy Rule permits. Not knowing when you can disclose health information can result in bad outcomes, including the death of the patient/client, lawsuits for breach of confidentiality, HIPAA civil money penalties, and bad publicity, as well as making the provision of healthcare less efficient. These and related questions are key to HIPAA compliance and to minimizing potential liability.

Why should you attend this webinar?

Some aspects of HIPAA are not applicable to every member of a covered entity's or business associate's workforce, such as how to know whether to report a breach to DHHS, or whether a particular mailing to patients constitutes marketing, which must follow the HIPAA marketing rules, or is simply continuity of care. But all workforce members must know the HIPAA rules for accessing Protected Health Information ("PHI"), using it, and disclosing it. May a nurse, for example, give access to a patient chart to a law enforcement officer who says that he needs certain identifying information to identify a murder suspect? Can a psychologist tell a spouse the appointment time for the client's next visit without the client's signed consent or authorization? These and similar questions arise all the time, and you won't always have time (or resources) to get a legal opinion on the question. Civil money penalties to date range from $50,000 to two in the $4 million range. Some of these penalties resulted from improper access by a workforce member, improper use, or improper disclosure. Such improper actions can also result in criminal liability. A physician went to federal prison for improper chart access. A nurse was convicted of improperly using PHI to threaten a lawsuit. Nor are these penalties reserved for large practices. Fines have been assessed against two-physician practices and a small hospice in North Dakota. Being not-for-profit provides no immunity, nor does being a government entity. Alaska Medicaid was fined $1.5 million, and a county government (Skagit County in Washington State), $215,000. In addition, other state and federal privacy laws carry penalties ranging from fines to professional discipline and lawsuits. A physician in Pennsylvania was fined a large sum and lost her hospital privileges because of an improper disclosure on her Facebook.

Areas Covered in the Session:

Overview of HIPAA and the Security and Privacy Rules.

Preemption of State and Federal Law.

Proper and Improper Access to PHI.

Proper and Improper Disclosure to Law Enforcement.

Disclosures to identify a suspect or missing person.

Disclosures to prevent a serious and imminent harm.

Disclosures to respond to crime on the premises.

Disclosures in response to a warrant, court order, or subpoena.

Uses and Disclosures for Treatment, Payment, and Healthcare Operations.

Definition.

HIPAA requirements for such uses and disclosures.

Disclosure to the Patient/Client.

Requirement for.

Grounds for denying access.

Can/Must you disclose third-party PHI.

Disclosures to Family Members.

Who qualifies?

The requirement for an opportunity to object.

Examples.

Disclosures for marketing and fundraising.

Conclusion and Question and Answer.

Who can Benefit:

Target audience, role/designation.

Health Professionals and their staffs

Privacy and Security Officers

Medical Records Professionals

IT Professionals, Office Managers

Risk Managers

Business Associates of Covered Entities: those that provide a service for the Covered Entity involving the use of individually identifiable health information (transcription services, billing services, cloud storage companies, and the like)

Healthcare Attorneys

Compliance Officers